Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 443982 - Skype with qt-static and pax-kernel results in build failure
Summary: Skype with qt-static and pax-kernel results in build failure
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-20 03:43 UTC by Francisco Blas Izquierdo Riera
Modified: 2013-01-25 21:00 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2012-11-20 03:43:13 UTC 
paxctl refuses to mark the skype binary when built with the qt-static USE flag. Please warn users and mark the flags as mutually exclusive.

Reproducible: Always
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2012-11-20 04:19:29 UTC 
putting a couple of notes here.

I think we don't want to use the pax_kernel use flag (and make it so pax_kernel and qt-static are mutually exclusive).  This is because I feel that pax_kernel may be used for xattr markings eventually and since pax_kernel apparently works with xattr pax markings it would cause sadness.

In the near term we can probably mark it, when xattr markings become more common I think an ewarn or something may be needed to state the inconsistencies.

blueness, what is the plan for xattr markings and the pax_kernel use flag?
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2012-12-02 12:40:43 UTC 
well, I guess nobody wanted to hear this but Skype doesn't have a static version of it's 4.1.0.20 release which is now in Portage.

so unless new skype is broken also for dynamic version, there is nothing left to do here now ...
Comment 3 Roman Žilka 2013-01-25 21:00:33 UTC 
+1 voice for xattr marks and unmasking. The ebuild could also allow the emerge if the kernel happens to have no CONFIG_PAX_NOEXEC. A hardened profile doesn't imply hardened sources, and hardened sources still do not 100% imply that PAX_NOEXEC is set.